CVE-2008-4210

Priority
Low
Description
fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid
and setgid bits when there is a write to a file, which allows local users
to gain the privileges of a different group, and obtain sensitive
information or possibly have unspecified other impact, by creating an
executable file in a setgid directory through the (1) truncate or (2)
ftruncate function in conjunction with memory-mapped I/O.
Ubuntu-Description
David Watson discovered that the kernel did not correctly strip
permissions when creating files in setgid directories. A local user
could exploit this to gain additional group privileges. This issue
only affected Ubuntu 6.06.
References
Package
Upstream:needed
Ubuntu 8.04 LTS (Hardy Heron):DNE
Package
Upstream:needed
Ubuntu 8.04 LTS (Hardy Heron):DNE
Patches:
Vendor:http://svn.debian.org/wsvn/kernel/dists/etch-security/linux-2.6/debian/patches/bugfix/open-allows-sgid-in-sgid-directory.patch
Package
Upstream:not-affected
Ubuntu 8.04 LTS (Hardy Heron):DNE
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (2.6.22)
Ubuntu 8.04 LTS (Hardy Heron):not-affected
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:19:06 UTC (commit 5347)